similar to: how do I configure shorewall to block people port scanning ?

Just installed psad and am testing it. This morning I awoke to an email saying: [-] You may just need to add a default logging rule to the /sbin/ip6tables ''filter'' ''INPUT'' chain on hydra. For more information, see the file "FW_HELP" in the psad sources directory or visit: http://www.cipherdyne.org/psad/docs/fwconfig.html Well I have

Hi, I''d like to use psad from www.cipherdyne.com that analyze iptables log messages on my firewall-shorewall. It complains to incorrectly configured iptables when starting. This is the message : -------------------------------------------------------------------------------------------------- ** The INPUT chain in the iptables ruleset on debian4 includes a default LOG rule for all

I'm running CentOS 4 with Blue Quartz on a white box, and having problems with installing Portsentry vi the .tar.gz route. Various errors, etc. Anyone here know of a source, like an RPM or something, for Portsentry for CentOS? ... or a similar app? thnx, Manny

Il giorno mar, 25/04/2017 alle 13.26 +0100, Rowland Penny via samba ha scritto: > On Tue, 25 Apr 2017 14:07:05 +0200 > Dario Lesca via samba <samba at lists.samba.org> wrote: > > > I have setup a new Samba Active Directory DC on Fedora 25 and > > samba- > > 4.5.8-1.fc25.x86_64, rebuild from src.rpm with dc option enable. > > > > This system

I read LinuxFest NW 2005 Presentation pdf. On page 32, mentioned it required patches on kernel 2.6.x and netfilter and It only said that SuSE 9.2 and 9.3 had patches on it''s stock kernel. I''m using Redhat AS 4. Anybody knows does the stock kernel and netfilter had theses patches patched ? or How should I know the kernel and netfilter had these patches applied ? thanks!

Is there any text console base config tool for shorewall ? I know that there is a webmin module but I don''t want to install webmin to minmize any security problem.

https://bugzilla.mindrot.org/show_bug.cgi?id=3539 Bug ID: 3539 Summary: sshbuf memory leak in recv_rexec_state() Product: Portable OpenSSH Version: 9.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

Il giorno mer, 26/04/2017 alle 07.27 +0100, Rowland Penny via samba ha scritto: > On Wed, 26 Apr 2017 01:55:16 +0200 > Dario Lesca via samba <samba at lists.samba.org> wrote: > > Your problem is that you need to find out just who dhcpd runs as on > fedora. On Devuan it is root and everything just works. Yes, on Debian work. And with this patch: [root at fedora-addc ~]#

I have setup a new Samba Active Directory DC on Fedora 25 and samba- 4.5.8-1.fc25.x86_64, rebuild from src.rpm with dc option enable. This system (fedora-addc) is only an AD-DC. In the next days I will deploy another Centos 7 samba member server with standard samba-4.4.4 rpm (without dc enabled) and join it to Fedora AD-DC for manage data users. After install bind dns and samba new rebuild

Hi! I have reprise try to resolve this problem, suspended from 17 dec 2005 I have try to apply the suggest of Jerry (see above). The problem still exist. See attach shorewall config, dump and tcpdump when I check to exit whit SSH from firewall... In the masq file is reported the last my attempt in order to resolve my problem, however I have test also the example reported in MultiISP.html, but

Il giorno mar, 25/04/2017 alle 14.36 +0100, Rowland Penny via samba ha scritto: > > However I would like to enable also the DHCP service, and think > > it's right to activate it on this server. > > > > What is the best way to do so? > > Well you could always do it the way I have been doing it for the last > 5 years, see here: > >

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=505 ------- Additional Comments From mbr@cipherdyne.org 2007-03-24 06:01 MET ------- I've tested the proposed patch against the iptables-1.3.7 source, and find that it works in the reported broken case: # iptables -A INPUT -m string --algo kmp --string 111\"222 -j LOG # ./iptables-save > ipt.out # ./iptables-restore

Il giorno lun, 08/09/2014 alle 20.03 +0100, James Hogarth ha scritto: > On 8 Sep 2014 17:00, "Frantisek Hanzlik" <franta at hanzlici.cz> wrote > ... > > > > Hi James, thanks for reply. It seems as at SerNet's site have > > packages > > for RHEL6/Centos6 only, not for RHEL7/Centos7 or any Fedora > > versions, > > at least this. >

Hi all, I appologise in advance if this is a little OT, but I am building a box that will serve as firewall and router for a small ''internet cafe / netcafe'' and am using CentOS... So here it is: What are the best tools to be used for keeping the potential script kiddies from ''harming the Internet'' :) ? I specifically want to be able to detect and prevent

Il giorno mar, 06/10/2015 alle 16.23 +0100, Rowland Penny ha scritto: > OK, from the smb.conf manpage: > > To use the CUPS printing interface set printcap name = cups. > This should be supplemented by an addtional setting printing = > cups in the [global] section. printcap name = cups will > use the "dummy" printcap created by CUPS, as specified in your > CUPS

Hi, all: This is just a note and suggestion, not a question; but I really like this system and thought it might be useful to others so I decided to share. Hope it helps someone, and comments or suggestions are always welcome. 1. Overview: Shorewall accepts traffic on ports that I consider "hostile" (i.e. ports on which I would NEVER expect to see connections) and redirects

Il giorno mar, 25/04/2017 alle 14.36 +0100, Rowland Penny via samba ha scritto: > On Tue, 25 Apr 2017 15:09:55 +0200 > Dario Lesca via samba <samba at lists.samba.org> wrote: > > > > Thanks Rowland, then the AD-DC is ok. > > This little virtual server (3Gb of disk) must do only the DNS and > > AD-DC for my network. > > > > However I would like to

Hi, on my c6.3 server (guest of a vmware host) I have a strange load average value: w command: > [root at s-doc ~]# w > 11:19:23 up 41 days, 23:15, 1 user, load average: 4,03, 4,03, 4,00 > USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT > root pts/2 dodo:S.0 11:15 0.00s 0.02s 0.00s w top command: > top - 12:13:31 up 42 days, 9 min, 1

Hi, I have plug in this USB network device: > Bus 001 Device 002: ID 2001:1a02 D-Link Corp. > T: Bus=01 Lev=01 Prnt=01 Port=04 Cnt=01 Dev#= 2 Spd=480 MxCh= 0 > D: Ver= 2.00 Cls=ff(vend.) Sub=ff Prot=00 MxPS=64 #Cfgs= 1 > P: Vendor=2001 ProdID=1a02 Rev= 0.01 > S: Manufacturer=D-Link > S: Product=DUB-E100 > S: SerialNumber=E5ECEB > C:* #Ifs= 1 Cfg#= 1

This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key